Spamhaus – Phishing Warning
Just a quick alert. Be on the lookout for malware-linked messages purporting to come from our friends over at Spamhaus.
Apparently, a version of a malware scam targeting ESPs is circulating. The message indicates that a company is being blocked by Spamhaus and that they can download an app to remediate the problem. The app then installs the malware on the ESP system.
Here is what the email might look like:
Your IP is listed on the Spamhaus Block List (SBL)
Your IP address is listed on the SBL as being assigned to, being under the control of, or being otherwise connected with a known spam operation listed on the ROKSO database as: Yambo Financials
Notes for RIPE Abuse/Security
You can’t send mail yet in inbox. Your email messages will send in bulk to your recipients.
As this listing is of part of a known ROKSO spam operation, Spamhaus can not remove this SBL listing if there is any functioning web site, mail server or DNS server still serving the spam operation in your IP. To have record SBL98581 removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to your IP)
If the spam problem that caused this listing has been verifiably terminated we will normally remove the listing from the SBL without delay
Spamhaus is aware of the issue and is working with authorities to catch the person responsible. A link to the issue is here: https://www.spamhaus.org/news.lasso?article=664
Huge thanks to Jason Warnock over at Yesmail for sharing the issue!